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(54) Security managing system, data distribution apparatus and portable terminal apparatus 



(57) With a portable compact flash (CF) card (3) 
retaining application software/database set in a portable 
terminal (2), the portable terminal (2) performs data 
processing by accessing the application software/data- 
base in the CF card (3). First, the portable terminal (2) 
reads terminal ID previously stored in the CF card (3). 
Then, the portable terminal (2) compares the terminal 
ID in the CF card (3) with its own terminal ID previously 
set, and determines whether or not to be able to access 
the application software/database in the CF card (3) 
based on the comparison result. 
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Description 

[0001] The present invention relates to a security 
managing system, a data distribution apparatus and a 
portable terminal apparatus. 

[0002] In general, a personal computer is sepa- 
rately provided with application software by means of a 
recording medium such as a floppy disk or a compact 
disk, and this application software is activated after 
being installed on the personal computer, (n this case, a 
software maker ships each application software affixed 
with a unique product number. When a user installs and 
runs this application software on his or her personal 
computer, the user is requested to enter this product 
number through a keyboard as a permitting key. 
[0003] In an on-line type client/server system which 
has a plurality of portable terminals connected to one 
another in a communicatable manner over a network, 
each client terminal acquires application software over 
the network. In this case, each client terminal requests 
the server to transfer the copy of the application soft- 
ware. At this time, the user enters his or her own ID 
(Identification) and password. 

[0004] But, application software which is provided 
via a recording medium can be illegitimately installed in 
multiple times on a plurality of personal computers once 
the product number is known. To inhibit such illegitimate 
copying, It is necessary to clear the entire contents of 
the recording medium once the application software is 
installed. If the entire contents of the recording medium 
are deleted, however, the user cannot deal with a possi- 
ble case where something goes wrong with the applica- 
tion software later so that reinstallation is needed. 
Further, this scheme enforces the user to carry out a 
troublesome work of clearing the contents of the record- 
ing medium every time the application software is 
installed. 

[0005] In the case where a client terminal gains 
access to the server over a network, anyone who knows 
an authentic user ID and password can access the 
application software from any terminal, which may 
result in illegitimate access to the application software. 
[0006] The same Is true of the case where highly 
confidential important data as well as application soft- 
ware is provided by means of a recording medium or 
over a network. This conventional scheme is not there- 
fore completely security-proof. 

[0007] Accordingly, it Is an object of the present 
invention to provide a scheme of permitting only a pre- 
determined portable terminal apparatus to gain access 
to a data retaining recording medium, thus ensuring 
access control terminal by terminal so as to make it posr 
sible to maintain the security and effectively inhibit ille- 
gitimate copying by another portable terminal apparatus 
which does not have an authentic accessing right. 
[0008] It is another object of this invention to pro- 
vide a scheme of permitting only a predetermined port- 
able terminal apparatus to gain access to data stored in 



a recording medium at the time the data is written in the 
recording medium and distributed in this form, thus 
ensuring access control terminal by terminal so as to 
make it possible to maintain the security and effectively 
5 inhibit illegitimate copying by another portable terminal 
apparatus which does not have an authentic accessing 
right 

[0009] To achieve the above object, according to 
the first aspect of this invention, there is provided a port- 

w able terminal apparatus for accessing application soft- 
ware and data, stored in a potable recording medium 
set in the portable terminal apparatus, for performing 
data processing, which comprises read means for read- 
ing identification information predetermined to a porta- 

75 ble terminal apparatus, previously stored as control 
information in the recording medium, at a time of gain- 
ing access to the application software and data in the 
recording medium; comparison means for comparing 
the identification information read by the read means 

20 with previously set local identification information; and 
access control means for determining whether or not to 
permit access to the application software and data in 
the recording medium based on a result of comparison 
made by the comparison means. 

25 [001 0] According to the second aspect of this inven- 
tion, there is provided a data distribution apparatus for 
writing application software and data in a portable 
recording medium to ensure distribution of the applica- 
tion software and data to each portable terminal via the 

30 recording medium, which comprises acquisition means 
for acquiring, as access control information, identifica- 
tion information predetermined and previously assigned 
to a portable terminal whose access to application soft- 
ware and data has been permitted or inhibited; and 

35 write means for writing the portable terminal identifica- 
tion information acquired by the acquisition means in 
the recording medium in association with the application 
software and data. 

[001 1 ] According to the present invention, in a port- 
40 able terminal apparatus which accesses a recording 
medium where application software and data are stored 
and performs data processing, only a predetermined 
portable terminal device is permitted to access the 
application software and data in the recording medium. 
45 This can ensure access control terminal by terminal so 
that it is possible to maintain the security and effectively 
inhibit illegitimate copying by another portable terminal 
apparatus which does not have an authentic accessing 
right. 

so [001 2] According to the present invention, in a port- 
able terminal apparatus which accesses a recording 
medium where application software and data are stored 
and performs data processing, information to permit 
access to the application software and data in the 

55 recording medium is written onfy in a predetermined 
portable terminal apparatus. This can ensure access 
control terminal by terminal so that it is possible to main- 
tain the security and effectively inhibit illegitimate copy- 
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ing by another portable terminal apparatus which does 
not have an authentic accessing right 
[0013] According to the present invention, the data 
distribution apparatus which carries out data communi- 
cations with a plurality of portable terminal devices over s 
a network permits only a predetermined portable termi- 
nal to access application software/data, thereby prohib- 
iting the application software/data from being 
illegitimately downloaded and guaranteeing the secu- 
rity, w 
[0014] According to the present invention it is possi- 
ble to prohibit those portable terminals which have not 
previously been permitted to use a database stored in a 
data recording medium from using that database. 
[0015] This summary of the invention does not nec- is 
essariiy describe all necessary features so that the 
invention may also be a sub-combination of these 
described features. 

[0016] The invention can be more fully understood 
from the following detailed description when taken in 20 
conjunction with the accompanying drawings, in which: 

FIG. 1 is a system structural diagram illustrating an 
off-line type client/server system; 
FIG. 2 A is a diagram showing data in a CF card 3 zs 
associated with a terminal; 

FIG. 2B is a diagram showing data in a CF card 3 
associated with a terminal group A; 
FIG. 2C is a diagram showing data in a CF card 3 
associated with a terminal group B; 30 
FIG. 3 is a diagram for explaining the terminal 
groups A and B; 

FIG. 4A is a diagram depicting the data structure of ' 
a terminal registration table 7; 

FIG. 4B is a diagram depicting the data structure of 3S 
an application-data setting table 8; 
FIG. 4C is a diagram depicting the data structure of 
a group registration table 9; 

FIG. 5 is a block diagram illustrating the general 
structure of a server computer 1 (portable terminal 40 

2); 

FIG. 6 is a flowchart illustrating the characterizing 

operation of the server computer 1 ; 

FIG. 7 is a flowchart illustrating the characterizing 

operation of the portable terminal 2; 45 

FIG. 8 is a system structural diagram illustrating an 

on-line type client/server system; 

FIG. 9 Is a flowchart illustrating the operation of a 

client terminal 32; 

FIG. 1 0 is a flowchart illustrating the operation of a so 
server computer 31 ; 

FIG. 11 is a block diagram showing the general 
structure of a security managing system; ■ 
FIG. 12 is a diagram showing the contents of the 
CF card 3; 55 
FIG. 13 is a block diagram showing the general 
structure of a server 1/each portable terminal 2; 
FIG. 14 is a flowchart illustrating the operation of 



the server 1 when the portable terminal 2 is exter- 
nally provided with an application (AP) soft- 
ware/database, which is stored and managed' on 
the server 1 , by means of the portable CF card 3; 
FIG. 15 is a flowchart which is a continuation of 
FIG. 14 and illustrates the operation of the server 1 ; 
and 

FIG. 16 is a flowchart illustrating the operation of 
each portable terminal 2 which is initiated when 
access to the CF card 3 Is designated. 

(First Embodiment) 

[0017] A first embodiment of the present invention 
will now be described with reference to FIGS. 1 through 
7. 

[0018] FIG. 1 presents a system structural diagram 
illustrating an off-line type client/server system. 
[0019] This off-line type client/server system com- 
prises a server computer 1 sited In a company office 
and mobile client terminals (portable terminals) 2 that 
individual business persons of this company carry 
around. Each business person performs a business 
work while accessing an application (AP) software/data- 
base stored In a portable recording medium 3 which is 
loaded in the terminal 2 outside the office, unloads the 
portable recording medium 3 from the terminal 2 at the 
end of a day's work, and sets it in a card reader/ writer 4 
of the server computer 1 provided in the office. Then, 
the server computer 1 performs a process of collecting 
the business records in the portable recording medium 
3 via the card reader/writer 4. 

[0020] The portable recording medium 3 is a 
removable compact flash card and will hereinafter be 
called "CF card 3 - . A plurality of CF cards 3 are simulta- 
neously loadable in the card reader/writer 4 attached to 
the server computer 1. The card reader/writer 4 
accesses the individual CF cards 3 one by one to per- 
form data reading/writing. 

[0021] In FIG. 1, "#r, -#2" and "#3" affixed to the 
CF cards 3 indicate that the CF cards 3 are associated 
with the portable terminals 2 indicated by terminal 
names *A1 B , "BT and "C1" in one-to-one correspond- 
ence. 

[0022] Although this embodiment uses a CF card 3 
associated with a terminal group, which will be dis- 
cussed later, in addition to the CF card 3 associated 
with each portable terminal, FIG. 1 exemplifies only 
those terminal-associated CF cards 3. 
[0023] The server computer 1 distributes an appli- 
cation (AP) software/database to each portable terminal 
2 via the associated CF card 3. 

[0024] Specifically, the server computer 1 reads out 
the contents of an AP software storage section 5 and a 
database storage -section 6 and provides the card 
reader/writer 4 with the contents and writes the AP soft- 
ware/database in the individual CF cards 3 loaded in the 
card readerAwriter 4. At this time, the server computer 1 
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determines what should be written in which terminal by 
referring to an application-data setting table 8, specifies 
and writes an AP software/database in the associated 
CF card 3, and writes terminal identification information 
(terminal 10) in that CF card 3 as access control infor- 
mation for the AP software/database. 
[0025] FIGS. 2A through 2C show data stored in the 
CF cards 3. FIG. 2A shows the contents of the terminal- 
associated CF card 3. 

[0026] This terminal -associated CF card 3 is 
designed to store a medium number predetermined to 
itself to identify the CF card 3, a predetermined terminal 
10 for identifying the portable terminal 2 that uses this 
card and AP software and database. In this example, a 
medium number "M01", terminal ID "ID1 1", AP software 
"a 1" and database "01" are stored in the CF card 3. 
The correlation between the AP software/database and 
the terminal ID defines the terminal that is given a per- 
mission to access the AP software/database. One ter- 
minal ID is set for one terminal- associated CF card 3. 
[0027] FIG. 2B shows the contents of a CF card 3 
associated with a terminal group A. As shown in FIG. 3, 
the individual CF cards 3 affixed with "#1A" are record- 
ing media associated with the terminal group A to which 
the individual portable terminals 2 respectively having 
terminal names "AT, "A2" and "A3" belong. In each 
group-associated CF card 3, one terminal ID or more 
than one terminal ID are stored for each of various kinds 
of AP software/databases in addition to the "medium 
number", and other data than the "medium number are 
identical to those of the other CF cards 3 in that group. 
[0028] The terminal ID like that shown in FIG. 2A is 
predetermined terminal identification information 
assigned to each of the portable terminals 2 that belong 
to the terminal group A as shown in FIG. 3, and the cor- 
relation between the AP software/database and this ter- 
minal ID defines the terminal that is given a permission 
to access the AP software/database as in the case of 
the terminal-associated CF card 3. 
[0029] FIG. 2C shows the contents of a CF card 3 
associated with a terminal group B. As the data struc- 
ture is the same as that for the case of the terminal 
group A as shown in FIG. 2B, its explanation will not be 
repeated. As shown in FIG. 3, the terminal ID set in 
each CF card 3 associated with the terminal group B is 
predetermined terminal identification information 
assigned to each of the portable terminals 2 that belong 
to the terminal group B. 

[0030] FIGS. 4A through 4C show the data struc- 
tures of a terminal registration table 7, the application- 
data setting table 8 and a group registration table 9 pro- 
vided on the server computer 1 side. FIG. 4A shows the 
contents of the terminal registration table 7. 
[0031 ] This terminal registration table 7 is referred 
to at the time the application-data setting table 8 is ere- 1 
ated or an AP software/database is written in any termi- 
nal-associated CF card 3. This terminal registration 
table 7 has "terminal names', "terminal IDs" and 



"medium numbers" associated in one another, which 
are to be set or registered when the system is con- 
structed or new medium is to be additionally used. 
[0032] The application-data setting table 8 is 

5 designed to store one terminal ID or more than one ter- 
minal ID in association with the name of each AP soft- 
ware and the name of each database for the AP 
software/database, as shown in FIG. 4B. The server 
computer 1 refers to this application -data setting table 8 

10 at the time of writing the AP software/database in the 
CFcard3. 

[0033] FIG. 4C shows a group registration table 9 
denoting a relationship between the group names A and 
B and the corresponding terminal IDs. In FIG. 4C, termi- 
is nals ID1 1, ID 12 and ID13 are shown as to belong to the 
group A, while terminals ID14 and ID15 belong to group 
B. 

[0034] FIG. 5 is a block diagram illustrating the gen- 
eral structures of the server computer 1 and the porta- 

20 ble terminal 2. 

[0035] Because the constituting component of the 
server computer 1 are basically the same as those of 
the portable terminal 2, their structures will be dis- 
cussed below referring to the components of the server 

25 computer 1 by numerals " 1 1 " to "1 6" and referring to the 
components of the portable terminal 2 by numerals "21 " 
to "26". 

[0036] A CPU 11 (21) Is a central processing unit 
which controls the general operation of the server com- 

30 puter 1 (portable terminal 2) according to various kinds 
of programs. A memory device 12 (22) has a recording 
medium 13 (23) where an operating system, various 
kinds of application programs, a database, character 
font data, etc. have previously been stored, and a drive 

35 system (not shown) for this recording medium. 

[0037] The recording medium 1 3 (23) is a fixed type 
or a removable type and is a magnetic or optical record- 
ing medium or a semiconductor memory, such as a 
floppy disk, a hard disk, an optical disk or a RAM card: 

4a [0038] The program and data in the recording 
medium 1 3 (23) is loaded into a RAM 1 4 (24) as needed 
under the control of the CPU 1 1 (21 ). The CPU 11 (21 ) 
has capabilities of receiving a program and data trans- 
mitted from another device via a communication line or 

45 the like and storing them in the recording medium, and 
using a program and data stored In another recording 
medium provided in another device via a communica- 
tion line or the like. 

[0039] The CPU 11 (21) is connected by bus lines 
so to an input device 15 (25) and a display device 16 <26), 
which are its input/output peripheral devices, and con- 
trols the operations of those devices in accordance with 
an input/output program. 

[0040] : The operation* of this client/server system 
55 will now be described with reference to the flowcharts 
illustrated in FIGS. 6 and 7. 

[0041] Note that the program that accomplishes 
various functions described in those flowcharts is stored 
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in the recording medium 13 (23) in the form of readable 
program codes according to which the CPU 1 1 (21 ) exe- 
cutes the operations as needed. The same is true in the 
following embodiments which will be discussed later. 
[0042] FIG. 6 presents the flowchart that illustrates 
the characterizing operation of the server computer 1 . 
[0043] First, when a setting/registration instruction 
to arbitrarily set the contents of the application-data set- 
ting table 8 is given to the application -data setting table 
8 (step A1), the name of an AP software/database to be 
set in the application-data setting table 8 is selected 
(step A2) and the terminal name of the portable terminal 

2 which is to be permitted to access this AP soft- 
ware/database is selected (step A3). 

[0044] When the selected name of the AP soft- 
ware/database is written in the application -data setting 
table 8, the terminal ID that corresponds to the selected 
terminal name is acquired from the terminal registration 
table 7 and is written in the application-data setting table 
8 In association with the name of the AP software/ data- 
base (step A4). When setting one record of data in the 
application -data setting table 8 is finished, it is checked 
if a setting end has been instructed (step A5) and the 
above-described operation is repeated until the setting 
end instruction Is Issued (steps A2 to A4). 
[0045] When writing of data to a CF card 3 is 
instructed (step A6), the flow proceeds to a process of 
writing the CF card 3 on the condition that the CF card 

3 is set in the card reader/writer 4 (step A7). First, a writ- 
ing type Is selected (step A8). 

[0046] When a user selectively designates writing 
to a terminal-associated CF card 3 or writing to a termi- 
nal-group-associated CF card 3, the selected writing 
type is discriminated. If writing to a terminal-associated 
CF card 3 has been selectively designated, the 
"medium number* is read from the CF card 3 set in the 
card reader/writer 4 (step A9) and the terminal ID corre- 
sponding to the medium number is acquired from the 
terminal registration table 7 (step A10). 
[0047] Then, based on the terminel ID, the applica- 
tion-data setting table 8 is searched for the name of the 
AP software/database corresponding to the terminal ID 
and the corresponding AP software/database is read 
from the AP software storage section 5 and the data- 
base storage section 6 according to the acquired name 
(step A11). 

[0048] If the terminal ID is "ID1 1" in the application- 
data setting table 8 shown in FIG. 4B, for example, "a 1 ' 
is read from the AP software storage section 5 as the 
corresponding AP software and "DT is read from the 
database storage section 6 as the corresponding data- 
base. 

[0049] . , The thus acquired AP software/database 
corresponding to the terminal ID is written in the CF 
card 3 (step A12), and the terminal ID acquired in the 
step A10 is written there as access control information 
for the AP software/database (step A13). When this 
writing is completed, a "write flag" which indicates that 



writing is done is set ON in the application-data setting 
table 8 in association with the terminal ID (step A14). 
[0050] When a plurality of CF cards 3 are set in the 
card reader/writer 4, it is checked if there is any unwrit- 

5 ten CF card 3 (step A15). If there is such an unwritten 
CF card 3, the flow returns to step A9 to access the next 
. CF card 3 to read Its "medium number* and a writing 
process similar to the above-described one is per- 
formed on that CF card 3. When writing all the CF cards 

io 3 set in the card reader/writer 4 is completed, the termi- 
nal ID for which the "write flag - is not set is extracted by 
referring to the application-data setting table 8, the ter- 
minal name corresponding to this terminal ID is 
acquired from the terminal registration table 7 and is 

75 displayed and listed as the name of an unwritten termi- 
nal (step A1 6) and a writing end message is displayed 
(step A 17). 

[0051] When writing to a terminal-associated CF 
card 3 has been selectively designated, on the other 

20 hand, a selection menu screen for terminal group 
names is displayed. When the user selectively desig- 
nates a desired group name from the screen (step A18), 
the group registration table 9 is searched for a plurality 
of corresponding terminal IDs based on this group 

25 name (step A 19). 

[0052] Based on those terminal IDs, the contents of 
the application -data setting table 8 are searched from 
the top of the table 8. When any of the acquired terminal 
IDs is present in the application-data setting table 8, an 

30 AP software/database corresponding to that terminal ID 
is read from the AP software storage section 5 and the 
database storage section 6 (step A20). 
[0053] If the terminal group A has been selected, for 
example, the AP software "a 1 " is acquired. Then, the 

35 obtained AP software/database Is written together with 
the corresponding terminal ID in the CF card 3 (steps 
A21 and A22). In this case, the AP software "a 1" and 
the terminal IDs "ID1 1" and "ID12" are written in the CF 
card 3 in association with one another. The above- 

40 described operation is repeated until writing to every CF 
card 3 set in the card reader/writer 4 is completed 
(steps A21 to A23). 

[0054] When writing to all the media is completed, 
the flow proceeds to step A24 to check if any unwritten 

45 AP software/database in the same group is present in 
the application-data setting table 8. When such an 
unwritten AP software/database exists, the flow returns 
to step A20 and "a 2" is read as AP software corre- 
sponding the terminal group A and is written together 

so with the terminal ID "ID1 3" in each CF card 3. 

[0055] Thereafter, the database "D 1 " and the termi- 
nal ID "ID1 1 ' are similarly written in each CF card 3, fol- 
lowed by the writing of a database "D2" and terminal ID 
"ID 12" in each CF card 3, then by the writing of a data- 

55 base "D3" and terminal ID "ID13" therein. As a result, 
the contents of the individual CF cards 3 corresponding 
to the terminal group A become as shown in FIG. 2B. 
When writing associated with the terminal group A is 
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completed, the write end message is displayed (step 
A1 7). The CF cards 3 in which the AP software/data- 
base has been written are distributed to the correspond- 
ing portable terminals 2. 

[0056] FIG. 7 is a flowchart illustrating the operation s 
of the portable terminal 2 which is activated or initiated 
when the portable terminaJ 2 is powered on. 
[0057] First, when an arbitrary AP software/data- 
base is selected from the initial menu screen and activa- 
tion of the AP software/database Is instructed (step B1 ), w 
if no CF card 3 is set in that portable terminal 2 (step 
B2), the flow returns to step B1 to invalidate the activa- 
tion. If the CF card 3 is set in the portable terminal 2, 
however, the local terminal ID previously set is read out 
(step B3). is 
[0058] Then, the CF card 3 is accessed to read the 
terminal ID therefrom (step B4), and it is checked if the 
read terminal ID coincides with the local terminal ID 
(step B5). In this case, as other terminal IDs belonging 
to the same group are stored In the group-associated 20 
CF card 3 for each AP software/database, the terminal 
ID corresponding the selectively designated AP soft- 
ware/database is read from the CF card 3 and it is 
checked if those terminal IDs include the local terminal 

ID. 25 

[0059] When the terminal IDs match with each 
other, access to the selectively designated AP software/ 
database is allowed and the flow goes to a step of exe- 
cuting the associated process (step B6). When the ter- 
minal IDs do not match with each other, on the other 30 
hand, the flow returns to step B1 so that access to the 
AP software/database is inhibited. 
[0060] According to the first embodiment, as 
described above, at the time of accessing an AP soft- 
ware/database In the CF card 3 and performing data 3S 
processing, the portable terminal 2 compares the termi- 
nal ID read from the CF card 3 with the its own terminal 
ID previously set and access to the AP software/data- 
base in the CF card 3 is controlled based on whether or 
not there is a match in the comparison process. This 40 
makes it possible to permit only a predetermined porta- 
ble terminal 2 to access the AP software/database in 
the CFcard 3. 

[0061 ] In other words, portable terminals 2 that can 
access the AP software/database in the CF card 3 are 45 
restricted, thus ensuring access control terminal by ter- 
minal and effective prohibition of illegitimate copying by 
any portable terminal 2 which does not have an authen- 
tic accessing right. 

[0062] The same is true of a group-associated CF so 
card 3 as well as a terminal-associated CF card 3. 
When a predetermined AP software/database is used 
for each business area, access control for each terminal 
group is possible if the terminal groups are separated 
area by area. 55 
[0063] When the terminal IDs are stored in the CF 
card 3 in association with the individual AP software/ 
databases, it is possible to carry out access control ter- 



minal by terminal and for each AP software/database. 
That is, in a case where a plurality of AP software/ data- 
bases are stored in the CF card 3, it is possible to permit 
access to a predetermined AP software/database but 
inhibit access to the other AP software/databases, so 
that even the portable terminals 2 belonging to the 
same terminal group can individually be subjected to 
access control for each AP software/database. 
[0064] The server computer 1 writes an AP soft- 
ware/ database in a CF card 3 and permits distribution 
of the AP software/database via this CF card 3. At this 
time, the server computer 1 reads the terminal ID asso- 
ciated with this CF card 3 and writes this terminal ID 
together with the AP software/database in the CF card 
3. This makes it possible to specify the portable terminal 
2 which is to be given a permission to access the AP 
software/database. 

[0065] This can ensure access control terminal by 
terminal and effectively prohibit illegitimate copying by 
another portable terminal which does not have an 
authentic accessing right 

[0066] Further, the server computer 1 can specify 
an AP software/database to be written for each termi- 
nal-associated CF card 3 by referring to the application- 
data setting table 8 that defines the terminals which are 
permitted to access each AP software/database. 
[0067] The same is true of a group-associated CF 
card 3 as well as a terminal-associated CF card 3. It is 
possible to specify a terminal group which is permitted 
to access each AP software/database by writing the ter- 
minal IDs of the individual portable terminals 2 belong- 
ing to the same terminal group in the CF card 3. This 
can ensure access control terminal by terminal. 

(Second Embodiment) 

[0068] A second embodiment of this invention will 
now be described with reference to FIGS. 8 through 10. 
[0069] While the first embodiment is directed to an 
off-line type client/server system in which the server 
computer 1 exchanges data with the portable terminals 
2 via portable recording media 3, the second embodi- 
ment Is adapted to an on-line client/server system which 
has a plurality of client terminals connected in a commu- 
nicatable manner to the server computer over a net- 
work. The second embodiment basically has the same 
structure as the first embodiment. 
[0070] FIG. 8 is a system structural diagram illus- 
trating the client/server system according to the second 
embodiment This client/server system is a local area 
network or wide area network system which has a plu- 
rality of client terminals 32 connected to a server com- 
puter 31 via an exclusive line or a public line. 
[0071] This server computer 31 is provided with a 
terminal registration table 33 and an application -data 
setting table 34. The terminal registration table 33 and 
application -data setting table 34 basically have the 
same structures as the terminal registration table 7 and 
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the application-data setting table 8 (see FIGS. 4A and 
48) of the first embodiment. The terminal registration 
table 33 has "terminal names' associated with "terminal 
IDs". 

[0072] The application -data setting table 34 stores 
one terminal ID or more than one terminal ID each iden- 
tifying the terminal that is permitted to access each AP 
software/database in association with that AP soft- 
ware/database. 

[0073] When one client terminal 32 requests the 
server computer 31 to send an AP software/database, 
the server computer 31 refers to the terminal registra- 
tion table 33 and the application-data setting table 34 to 
check if this terminal is permitted to access that AP soft- 
ware/database. On the condition that the requesting ter- 
minal is such an access-granted terminal, the server 
computer 31 sends the AP software/database to the 
requester. 

[0074] The operation of the second embodiment 
will now be discussed with reference to the flowcharts 
shown in FIGS. 9 and 10. FIG. 9 illustrates the operation 
of the client terminal 32, and FIG. 10 illustrates the 
operation of the server computer 31 . 
[0075] First, when ID registration to register the 
local terminal ID of one client terminal 32 in the terminal 
registration table 33 in the server computer 31 is 
instructed on the client terminal 32 (step CI ), the local 
terminal name Is Input (step C2), the local terminal ID 
previously set is read out (step C3), a request for ID reg- 
istration is kept issued to the server computer 31 until a 
positive acknowledgement (positive response) is 
received (steps C4 and C5). 

[0076] If there Is a positive acknowledgement, the 
terminal ID is sent to the server computer 31 (step C6). 
When the request from the terminal is for ID registration 
(steps D2 to D4), the server computer 31 returns a pos- 
itive acknowledgement to the requester indicating that 
the request has been property received (step D16). 
When the server computer 31 receives the terminal 
name and terminal ID from the client terminal 32 as a 
consequence (step D17), the server computer 31 
checks if the received information has a previously 
determined format (step 018). When the information 
has such a format, the server computer 31 registers the 
terminal name and the terminal ID in the terminal regis- 
tration table 33 in association with each other (step 
D19). 

[0077] Then, the server computer 31 sends a posi- 
tive acknowledgement to the requester indicating that 
the registration has been made properly (step D20). 
[0078] When the terminal name and terminal ID 
sent from the terminal do not have the predetermined 
format, on the other hand, the server computer 31 
sends an error acknowledgement to the requester (step 
D15). . • - 

[0079]: If the positive acknowledgement is sent from 
the server computer 31 (step C7), the client terminal 32 
displays a registration end message (step C8). If the 



error acknowledgement is sent from the server compu- 
ter 31 , the client terminal 32 displays an error message 
(step C9). 

[0080] Every time the server computer 31 is 
5 requested for ID registration by each client terminal 32, 
the server computer 31 registers the terminal name and 
the terminal ID In the terminal registration table 33 in 
association with each other. 

[0081] When an instruction to set which terminal to 
w get a permission to access an AP software/database for 
each AP software/database is given on the server com- 
puter 31 , the application -data setting table 34 is created 
(steps D1 and D5-D8) in the same way as done in the 
first embodiment (steps A1-A5 in FIG. 6). 

is [0082] When the client terminal 32 gives a request 
to send an AP software/database with the terminal reg- 
istration table 33 and application-data setting table 34 
prepared on the server computer 31 (step C10 in FIG. 
10), the client terminal 32 reads the local terminal ID 

20 previously set (step C1 1) and keeps sending the trans- 
mission request for the AP software/database to the 
server computer 31 until a positive acknowledgement is 
received (steps C12 and C13). When the positive 
acknowledgement is received, the client terminal 32 

25 sends the terminal ID (step C14). 

[0083] If the request from the client terminal 32 is a 
transmission request for the AP software/database 
(steps D2 and D3), the server computer 31 sends a pos- 
itive acknowledgement to the requester (step D9) and 

30 waits for the terminal ID. When receiving the terminal ID 
from the requester (step D10), the server computer 31 
searches the terminal registration table 33 based on the 
received terminal ID to check if the request has come 
from an authentic terminal previously registered (step 

35 D11). 

[0084] If the request has not come from an authen- 
tic terminal, the server computer 31 sends an error 
acknowledgement to the requester (step D15). If the 
request is from an authentic terminal, the server compu- 

40 ter 31 sends a positive acknowledgement to the 
requester (step D12) and searches the application-data 
setting table 34 based on the terminal ID to selectively 
read the AP software/database corresponding to the 
terminal ID and sends the AP software/database to the 

45 requester (steps D13 and D14). In this case, if there are 
a plurality of AP software/databases corresponding the 
terminal ID, all the AP software/ databases may be sent 
to the requester, but if the transmission request is for 
only a desired AP software/database, the requested AP 

so software/database alone is transmitted. 

[0085] When an error acknowledgement is sent 
from the server computer 31 (step C15), the client ter- 
minal 32 displays an error message (step C9). When a 
positive acknowledgement is sent (step C1 5), however 

55 the client terminal 32 receives, registers and saves the 
AP software/database transmitted from the server com- 
puter 31 (steps C1 6 andC17). 

[0086] Then, the client terminal 32 activates this AP 
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software/database and initiates data processing (step 
C18). 

[0087] With the AP software/database from the 
server computer 31 registered and saved, the client ter- 
minal 32 can freely carry out data processing according s 
to the AP software/database anytime in response to the 
activation instruction (steps C19 and C18). 
[0088] According to the on-line type client/server 
system of the second embodiment, as described above, 
when any client terminal 32 makes a request to access 10 
an AP software/database, the terminal ID sent from the 
requesting client terminal 32 is compared with the termi- 
nal ID corresponding to the AP software/database 
stored in the application-data setting table 34 and 
whether or not to permit access that AP software/ data- 75 
base is determined based on the comparison result. By 
permitting only a predetermined terminal to access the 
AP software/database, it is possible to prohibit the AP 
software/data from being illegitimately downloaded and 
to guarantee the security. so 

(Third Embodiment) 

[0089] A third embodiment of this invention will now 
be described with reference to FIGS. 1 1 through 1 6. 25 
[0090] To avoid the redundant description, like or 
same reference numerals are given to those compo- 
nents which are the same as the corresponding compo- 
nents of the first embodiment 

[0091] FIG. 1 1 is a block diagram showing the gen- ao 
eral structure of a security managing system according 
to the third embodiment 

[0092] This security managing system provides a 
portable terminal with application software/data which is 
stored and managed on the server side by means of a 35 
portable recording medium, and guarantees the secu- 
rity of the application software/data in this recording 
medium to thereby prevent a third party from illegiti- 
mately copying the application software/data 
[0093] This system comprises a server 1 sited in a 40 
company office in, for example, a company organization 
and mobile client terminals (portable terminals) 2 that 
individual business persons carry around. Each busi- 
ness person does a business work while accessing 
application software/data stored in a CF card 3 outside 45 
the office. 

[0094] The portable terminals 2 can be connected 
in a detachable manner to the server 1 by serial cables 
105. 

[0095] That is, the server 1 and the portable termi- so 
nais 2 can be connected as needed. 
[0096] The server 1 distributes an application soft- 
ware/ database file (hereinafter called "AP soft- 
ware/data") to the portable terminals 2 via the CF cards 

3. - ■ ■ " 55 

[0097] When AP software/data to be written in the 
CF card 3 or AP software/data to be distributed is arbi- 
trarily designated, the server 1 accesses an AP soft- 



ware/ database storage section 106 to read the 
corresponding AP software/data and sends it to the 
card reader/writer 4 to thereby write the AP soft-- 
ware/data in one CF card 3 or more than one CF card 3 
set in the card reader/writer 4. 

[0098] At this time, the management information of 
the AP software/data stored in the CF card 3 or the 
areas of FAT (File Allocation Table) and the root direc- 
tory are designated and the contents of those areas are 
scrambled (encrypted). In this case, scrambling is car- 
ried out by using an encryption key arbitrarily generated 
forme scrambling process. 

[0099] It is to be noted that any scheme can be 
used to carry out scrambling (encryption) and the man- 
agement information for AP software/data may be 
encrypted using an arbitrarily generated encryption key. 
[0100] Preset predetermined terminal Identification 
information (production serial number) is stored in each 
portable terminal 2. The server 1 reads the predeter- 
mined terminal Identification information (production 
serial number) from each portable terminal 2 and 
encrypts the terminal identification information using an 
arbitrarily generated encryption key and writes the 
encrypted information in the CF card 3. The encryption 
key used In encrypting the terminal Identification infor- 
mation and the encryption key that has been used in the 
scrambling process are written in the portable terminal 
2. 

[0101] With the CF card 3 retaining AP soft- 
ware/data set in a card reader 107, at the time of 
accessing the AP software/database in the CF card 3, 
the portable terminal 2 reads the encrypted terminal 
identification information from this card 3 and reads 
from the server 1 the encryption key for terminal identi- 
fication information stored in the local memory and 
restores the encrypted terminal identification informa- 
tion using this encryption key. 

[0102] Then, the portable terminal 2 reads the ter- 
minal identification information previously set in the 
local memory and compares this terminal identification 
information with the restored terminal identification 
information. When both terminal identification informa- 
tion coincide with each other, the portable terminal 2 
restores the scrambled management information for AP 
software/data. 

[0103] At this time, access to AP software/data is 
permitted by reading the encryption key for scrambling 
and restoring the FAT and root directory of the AP soft- 
ware/data by using the encryption key. 
[0104] FIG. 12 shows the contents of the CF card 3 
in which a 'scramble flag", "encrypted identification 
information", "FAT", "root directory" and "AP soft- 
ware/database" are written by the server 1 . 
[0105] The "scramble flag" indicates that the "FAT 
and "root directory" of AP software/database stored in 
the CF card 3 are scrambled. The "encrypted identifica- 
tion information" is the predetermined terminal identifi- 
cation information (production serial number) read from 
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the portable terminal 2 that is encrypted by the server 1 . 
The "FAT" and 'root directory" are management infor- 
mation for managing one or more than one AP soft- 
ware/data and have been scrambled. 
[0106] FIG. 1 3 is a block diagram showing the gen- 5 
eral structure of the server 1, and since the general 
structure of the portable terminal 2 is the same as that 
of the server 1, FIG. 13 also shows a block diagram of 
the portable terminal 2. 

[0107] The CPU 11 is a central processing unit w 
which controls the general operation of the server 1 or 
the portable terminal 2 according to the operating sys- 
tem and/or various kinds of application software stored 
in a memory device 112. 

[0108] The memory device 112 has a recording 15 
medium 1 13 where a database, character font data and 
so forth are stored In addition to the operating system 
and various kinds of application software, and a drive 
system (not shown) for this recording medium. The 
recording medium 1 1 3 is constituted of a magnetic, optl- 20 
cal or semiconductor memory or the like. 
[0109] This recording medium 113 is a fixed 
medium such as a hard disk or a portable medium such 
as a removable CD-ROM, floppy disk, RAM card or 
magnetic card. zs 
[0110] The program and data in the recording 
medium 113 are loaded into a RAM (e.g., static RAM) 
1 14 and data in the RAM 1 14 Is saved in the recording 
medium 113 as needed under the control of the CPU 
11. so 
[0111] The recording medium may be provided on 
an external device such as a server, in which case the 
CPU 11 can directly access and use the program/data- 
base in the recording medium via a transmission 
medium or line. 35 
[0112] The CPU 1 1 can acquire some or all of what 
is to be stored in the recording medium 113 from 
another device via a transmission medium and can 
newly register or additionally register it in the recording 
medium 113. 40 
[0113] That is, the CPU 11 can receive the pro- 
gram/database that is transmitted from another device 
which constitutes a computer communications system 
(e.g., a server/host/client computer) via a cable trans- 
mission line such as a communication line or a cable or 4S 
a radio transmission path such as radio waves, micro- 
waves or infrared rays by means of a transmission con- 
trol section 115, and Installs it in the recording medium 
113. 

[0114] The program/database may be stored and so 
managed on an external device side, such as a server, 
in which case the CPU 1 1 can directly access and use 
the program/database on the external device side via a 
transmission medium. 

[0115] As apparent from the above; the CPU 1 1 can . 55 
execute the predetermined operation of this embodi- 
ment by using not only the program/database that has 
previously been installed in a permanent form, but also 
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the program/database that is externally supplied via a 
recording medium or a transmission medium, or the 
program/database that is stored and managed on an 
external device side. 

[0116] The CPU 11 is connected to the transmis- 
sion control section 1 15, an input section 1 16, a display 
device 117, a printing section 118 and a card 
reader/writer 4, which are input/output peripheral 
devices of the CPU 1 1, by bus lines, and controls the 
operations of those units according to an input/output 
program. The transmission control section 115 is a 
communications interface including, for example, a 
communications modem, an infrared ray module or an 
antenna. The input section 1 16 is the operation section 
which constitutes a keyboard, or a touch panel or a 
pointing device, such as a mouse or a touch type pen 
and through which character data and various com- 
mands are input. 

[0117] The display device 1 1 7 is a liquid crystal dis- 
play or a CRT which provides full-color display, or a 
plasma display device. The printing section 118 is a 
non-impact printer, such as a thermal transfer or ink-jet 
type, or a dot-impact printer. 

[0118] The card reader/writer 4 performs a writ- 
ing/reading operation on the CF card 3. 
[0119] The operations of the server 1 and the port- 
able terminal 2 according to the third embodiment will 
now be described with reference to the flowcharts 
shown in FIGS. 14 to 1 6. 

[01 20] It is to be noted that the program that accom- 
plishes various functions described in those flowcharts 
is stored in the recording medium 113 in the form of 
computer-readable program codes according to which 
the CPU 1 1 executes the operations as needed. The 
same is true of other embodiments which will be dis- 
cussed later. 

[0121] FIGS. 14 and 15 are flowcharts illustrating 
the operation of the server 1 when the portable terminal 
2 is externally provided with AP software/data, which is 
stored and managed on the server 1 , by means of the 
portable CF card 3. 

[0122] First, when the user selects all the AP soft- 
ware/data to be written (step E1 ), the CPU 1 1 acquires 
the AP software/data selectively designated and the 
FAT and root directory from the AP software/database 
storage section 106 (step E2). 

[0123] When the user designates the terminal on 
which writing is to be performed (step E3), the CPU 1 1 
checks if writing is to be performed only on the desig- 
nated terminal or a group of terminals (step E4). 
[01 24] When writing only to the designated terminal 
is specified, .the "production serial number" is read from 
the designated terminal (step E5) and an encryption key 
K1 for encrypting the "production serial number" is gen- 
erated (step. E6). 

[0125] In this case, the encryption key K1 is numer- 
ical data or the like which is generated at random and is 
used in encrypting the "production serial number" read 
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from the designated terminal, thereby generating termi- 
nal identification information (step E7). 
[0126] Then, the CPU 11 generates an encryption 
key K2 for a scrambling process (step E8), which is also 
numerical data or the like which is generated at random. 5 
The encryption key K1 for encrypting the terminal iden- 
tification information and the encryption key K2 for 
scrambling, which are generated in this manner, are 
written in the designated terminal (step E9). 
[0127] The CPU 11 writes the AP software/data, io 
FAT and root directory acquired in step E2 and the ter- 
minal identification information encrypted in step E7 Into 
the CF card 3 that is associated with the designated ter- 
minal (step E10). 

[0128] Then, the CPU 11 scrambles the AP soft- 75 
ware/data, FAT and root directory, written in the CF card 
3, using the encryption key K2 generated in step E8 
(step E1 1) and sets the •scramble flag* in the CF card 3 
on (step E12). 

[0129] When processing with respect to the desig- 20 
nated terminal is completed, such is detected in step 
E13 and this flow is terminated. 

[0130] When writing to a group of terminals is des- 
ignated (step E4), the flow proceeds to the flowchart in 
FIG. 15 and a process of generating group terminal zs 
identification information is earned out first. 
[0131] As described above, the group terminal 
identification information Is generated by the combina- 
tion of the predetermined terminal identification infor- 
mation (production serial number) read from the first 30 
portable terminal 2 belonging to that group and an arbi- 
trary input group name. If it is the first terminal in the 
group (step E1 5), as its group identification information 
(group name) is arbitrarily input (step Ei6), the terminal 
identification information (production serial number) is 35 
read from the first terminal (step E17). Based on the 
group name and the group name and production serial 
number, the group terminal identification information 
predetermined to the group is generated (step E18). 
[0132] If the group name is "business section 1" 40 
and the production serial number is "C0001", for exam- 
ple, "C0001 business section 1" is generated as the 
group terminal identification information. 
[0133] Then, an encryption key K1 for encrypting 
this group terminal identification information is gener- 45 
ated at random (step E19) and the group terminal iden- 
tification information is encrypted using the generated 
key K1 (step E20). 

[0134] Further, an encryption key K2 for scrambling 
is generated (step E21). so 
[0135] Next, the encrypted group terminal identifi- 
cation information is written together with its encryption 
key K1 and the encryption key K2 for scrambling in the 
designated terminal, i.e., the first portable terminal 2 in 
this case, (step E22). 53- 
[0136] The flow returns to step E10 in FIG. 14 to 
write the AP software/data, its the FAT and root direc- 
tory, and the encrypted group terminal identification 



information in the CF card 3 associated with the desig- 
nated terminal. Then, the FAT and root directory are 
scrambled by using the encryption key K2 for scram- 
bling (step E11) and the scramble flag is set on (step 
E12). 

[0137] The above writing process is carried out for 
all the terminals in the group. Specifically, it is checked 
in step El 3 hf every terminal in the designated group has 
undergone the writing process. If the processing has not 
completed, the flow proceeds to step E14 to designate 
the next terminal in the same group. The flow then goes 
to step E22 in FIG. 15 to write the group terminal Identi- 
fication information together with its encryption key K1 
and the encryption key K2 for scrambling in the desig- 
nated terminal or the second portable terminal 2 in this 
case. 

[0138] Thereafter, the above-described operation Is 
repeated until every terminal in the designated group, 
undergoes the writing process. When the writing proc- 
ess is completed for every terminal in the designated 
group, the same contents are written in the individual 
portable terminals 2 in the same group and the same 
group terminal identification information is written in the 
individual portable terminals 2 in the group and the 
associated CF cards 3. 

[0139] FIG. 16 is a flowchart illustrating the opera- 
tion of each portable terminal 2. When access to a CF 
card 3 is specified, the operation according to this flow- 
chart is initiated. 

[0140] First, the CPU 1 1 checks if the CF card 3 is 
set (step F1). If the CF card 3 is not set, the CPU 1 1 
returns to the main flow in the normal routine. If the CF 
card 3 is set, the CPU 1 1 reads the terminal identifica- 
tion information from the CF card 3 (step F2) and reads 
from the server 1 the encryption key K1 for the terminal 
identification information written in the local terminal 
(step F3). Then, the CPU 1 1 decrypts this terminal iden- 
tification information using the encryption key K1 (step 
F4). 

[0141] Then, the CPU 11 reads the local terminal 
identification information previously set (step F5), com- 
pares it with the decrypted terminal identification infor- 
mation (step F6) and checks if both information match 
with each other (step F7). 

[0142] When there is no match, the access to the 
designated CF card 3 is Inhibited and the routine Is ter- 
minated. When there is a match, on the other hand, the 
CPU 1 1 checks if the scramble flag in the CF card 3 is 
set on (step F8). 

[0143] When the scramble flag is not set on, the 
CPU 1 1 permits access to the CF card 3 only on the 
condition that both terminal identification information 
coincide with each other. When the scramble flag is set 
on, however, the CPU 11 reads from the server 1 the 
encryption key-K2 for scrambling written in the local ter- 
minal (step F9) and decrypts the FAT and root directory 
in the CF card 3 using this encryption key K2 (step F1 0). 
This permits access to the CF card 3. 
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[0144] According to the third embodiment, as 
described above, the server 1 reads predetermined ter- 
minal identification information from a portable terminal 
2 connected thereto, writes the read, predetermined ter- 
minal identification information, AP software/data and 5 
its FAT and root directory in the associated CF card 3, 
and scrambles and the FAT and root directory in the CF 
card 3 to encrypt them. 

[0145] At the time of accessing the AP soft- 
ware/data in the CF card 3 set in the portable terminal w 
2, the portable terminal 2 reads the encrypted terminal 
Identification information from the CF card 3, restores it 
and compares the restored terminal identification infor- 
mation with its own terminal identification information. 
When there is a match, the portable terminal 2 is 
descrambles the scrambled the FAT and root directory 
of the AP software/data and only then can permit 
access to the CF card 3. 

[0146] That is, as the association of a CF card 3 
with a portable terminal 2 Is carried out by checking 20 
whether or not their terminal identification information 
coincide with each other and encryption and decryption 
of the FAT and root directory of the AP software/data, 
only a predetermined terminal is permitted to access 
the AP software/data in the CF card 3 and the termi- zs 
nalby-terminal access control can effectively inhibit ille- 
gitimate copying by another portable terminal device 
which does not have an authentic accessing right in the 
case where the portable terminal 2 is externally pro- 
vided with the AP software/data, which is managed by 30 
the server 1 , by means of the portable CF card 3. In this 
case, the encryption of the terminal identification infor- 
mation and the FAT and root directory of the AP soft- 
ware/data enhances the security significantly 
[0147] The same is true of a group-assoctated CF as 
card as well as a terminal- associated CF card. When 
predetermined AP software/data is used for each busi- 
ness area, area-by-area access control is possible if the 
terminal groups are separated area by area. 

40 

Claims 

1. A portable terminal apparatus (2) for accessing 
application software and data, stored in a potable 
recording medium (3) set in said portable terminal 45 
apparatus, for performing data processing, charac- 
terized by comprising: 

read means (4) for reading identification infor- 
mation predetermined to a portable terminal so 
apparatus, previously stored as control infor- 
mation in said recording medium (3), at a time 
of gaining access to said application software 
and data in said recording medium (3); 
comparison means (21) for comparing said ss 
identification information read by said read 
means (4) with previously set local identifica- 
tion information; and 



access control means (21) for determining 
whether or not to permit access to said applica- 
tion software and data in said recording 
medium (23) based on a result of comparison 
made by said comparison means (21). 

2. The portable terminal apparatus according to claim 
1, characterized in that in a case of accessing a 
recording medium which is associated with a group 
of portable terminal apparatuses (2) and has stored 
plural pieces of identification information predeter- 
mined to a plurality of portable terminal appara- 
tuses (2) belonging to a same group in association 
with said portable terminal apparatuses, said 
access control means (21) determines whether or 
not to permit access to said application software 
and data in said recording medium (3) based on 
whether or not said previously set local identifica- 
tion information is included in said plural pieces of 
identification information read from said recording 
medium (3). 

3. The portable terminal apparatus according to claim 
1, characterized in that in a case where plural 
pieces of application software and data are stored 
in said recording medium (3) and identification 
information predetermined to each portable termi- 
nal apparatus (2) Is stored In said recording 
medium (3) in association with associated applica- 
tion software and data, said read means (4) reads 
identification information corresponding to applica- 
tion software and data designated as an access tar- 
get and said access control means (21 ) determines 
whether or not to permit access for each application 
software and data by comparing said identification 
information read out from said recording medium 
(3) with said previously set local identification infor- 
mation. 

4. A data distribution apparatus for writing application 
software and data in a portable recording medium 
(3) to ensure distribution of said application soft- 
ware and data to each portable terminal (2) via said 
recording medium (3), characterized by comprising: 

acquisition means (1) for acquiring, as access 
control information, identification information 
predetermined and previously assigned to a 
portable terminal (2) whose access to applica- 
tion software and data has been permitted or 
inhibited; and 

write means (4) for writing said portable termi- 
nal identification Information acquired by said 
acquisition means (1) in said recording medium 
, : (3):in association with said application software 
and data. 

5. The data distribution apparatus according to claim 



11 



EP 1 048 998 A2 



22 



21 

4, characterized in that said write means (4) speci- 
fies application software and data to be written for 
each recording medium (2) associated with a port- 
able terminal (2) by referring to definition informa- 
tion for defining, for each application software and 5 
data, a portable terminal (2) whose access to said 
application software and data is to be permitted or 
inhibited, and writes said specified application soft- 
ware and data together with said portable terminal 
identification information in said recording medium 10 
(3). 

6. The data distribution apparatus according to claim 
4, characterized in that at a time of distributing 
application software and data to a plurality of porta- 75 
ble terminals (2) belonging to a same group (A, B) 

via said recording medium (3), said acquisition 
means (1) acquires plural pieces of identification 
information predetermined to individual portable 
terminals (2) belonging to that group (A, B) and said 20 
write means (4) writes said plural pieces of portable 
terminal identification information belong to said 
same group acquired by said acquisition means (1 ), 
together with application software and data, in said 
recording medium. 25 

7. A data distribution apparatus for carrying out data 
communications with a plurality of portable terminal 
apparatuses (32) over a network, characterized by 
comprising: 30 

access-restriction information memory means 
(33) for storing portable terminal identification 
information as access restriction information in 
association with each application software and 35 
data; 

comparison means (31 ) for, when a request to 
access application software and data is made 
from any one of said portable terminal appara- 
tuses (32), comparing said portable terminal 40 
identification information transmitted from said 
requesting portable terminal apparatus (32) 
with portable terminal identification information 
corresponding to said requested application 
software and data; and 45 
access control means (31) for determining 
whether or not to permit access to said applica- 
tion software and data based on a result of 
comparison made by said comparison means 
(31). so 

8. A method for accessing a data recording medium 
(34) for storing a database for which a portable ter- 
minal (32) that is to use said database has previ- 
ously been specified, characterized by comprising 55 
the steps of: 

determining if a portable terminal (32) which 



attempts to access said data recording medium 
(34) is said specified portable terminal (32) that 
has previously been permitted to access said 
database stored in said data recording medium 
(34) by collating identification information 
stored in said data recording medium (34) with 
identification information stored in said porta- 
ble terminal (32); and 

permitting said portable terminal (32) to access 
said database stored in said data recording 
medium (34) when said portable terminal (32) 
is determined as said specified portable termi- 
nal. 

9. A database accessing method for a system com- 
prising a data distribution apparatus (1) and porta- 
ble terminals (2), characterized by comprising the 
steps of: 

allowing said data distribution apparatus (1) to 
distribute a database for which a portable ter- 
minal (2) that is to use said database has pre- 
viously been specified, via a predetermined 
data recording medium (3); 
determining if a portable terminal (2) which 
attempts to access said data recording medium 
(3) is said portable terminal which has previ- 
ously been specified at a time of distribution; 
and 

permitting said portable terminal (2) to access 
said database via said data recording medium 
(3) and to use data when said portable terminal 
(2) is determined as said previously specified 
portable terminal. 

10. A data accessing system comprising a data distri- 
bution apparatus (105) and portable terminals (2), 
characterized in that: 

at a time of storing a database in a data record- 
ing medium (3) associated with a portable ter- 
minal (2) which is to use said data recording 
medium (3), said data distribution apparatus 
(105) stores predetermined database to be 
used by said portable terminal (2) associated 
with said data recording medium (3) in said 
data recording medium; and 
at a time of accessing said data recording 
medium (3), said portable terminal (2) deter- 
mines if said data recording medium (3) is 
associated with said portable terminal (2) and 
gives a permission to access said data record- 
ing medium (3) and said database stored in 
said data recording medium (3) when said port- 
able terminal (2) is ti.c associated one. 

11. A recording medium accessing method for access- 
ing a recording medium (3) having an encrypted 
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database stored therein by using a portable termi- 
nal, characterized by comprising the steps of: 

performing a first security check of checking if 
said portable terminal is permitted to access 
said recording medium at a time said portable 
terminal accesses said recording medium (3) 
by collating identification information of said 
recording medium with identification informa- 
tion In said portable terminal; and 
performing a second security check of check- 
ing if said portable terminal is permitted to 
decrypt said database stored in said recording 
medium at a time of decrypting said database 
stored in said recording medium by carrying 
out decryption based on key information stored 
only in a previously authenticated portable ter- 
minal and a decryption program. 

12. A recording medium accessing method for access- 
ing a recording medium by using a portable termi- 
nal, characterized by comprising the steps of: 

generating identification information for associ- 
ating an arbitrary portable terminal with arbi- 
trary data recording medium (3); 
associating said portable terminal with said 
data recording medium (3) by writing said gen- 
erated identification information in said porta- 
ble terminal and said data recording medium 
(3); and 

at a time of accessing an arbitrary data record- 
ing medium, allowing said portable terminal to 
determine whether or not to have a permission 
to access said arbitrary data recording medium 
based on a result of collating said identification 
information stored in said arbitrary data record- 
ing medium with said identification information 
stored in said portable terminal. 

13. A recording medium accessing method for access- 
ing a recording medium by using a portable termi- 
nal, characterized by comprising the steps of: 



collating said group identification information 
stored in said arbitrary data recording medium 
with said group identification information stored 
in said portable terminal. 

5 

14. A data distribution apparatus for storing a database 
file to be accessed by a portable terminal (2) in a 
recording medium (3), characterized in that at a 
time of storing a predetermined database file which 

w is to be used by a portable terminal (2) associated 
with a recording medium (3) in said recording 
medium (3), said data distribution apparatus (11) 
scrambles said database file in such a manner that 
descrambling can be carried out by said portable 

is terminal (2) associated with said recording medium 
(3), and stores said scrambled database file in said 
associated recording medium (3). 

15. A portable terminal for accessing a recording 
20 medium (3) in which a scrambled database is 

stored by the data distribution apparatus (11) as 
recited in claim 14, characterized in that at a time 
said portable terminal (2) accesses said recording 
medium (3), said portable terminal (2) determines if 

25 said recording medium (3) is associated with said 
portable terminal (2), and descrambles said scram- 
bled database stored in said recording medium (3) 
when said recording medium (3) is the associated 
one and gives a permission to access individual 

30 records in said descrambled database. 



generating group identification information for 45 
associating a plurality of portable terminals 
with one or a plurality of data recording media 

(3); 

associating said portable terminals with said 
one or plurality of data recording media (3) by so 
writing said generated group identification 
information in said portable terminals and said 
one or plurality of data recording media; and 
at a time of accessing an arbitrary data record- 
ing medium, allowing an arbitrary one of said 55 
portable terminals to determine whether or not 
to have a permission to access said arbitrary 
data recording medium based on a result of 
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